SAP Indirect Access

Measuring SAP Indirect Usage (2025): Tools & Tips

Measuring SAP Indirect Usage

Introduction: Why Measuring Indirect Usage Is Critical

Indirect access โ€“ when third-party systems or users use SAP without a direct login โ€“ is a major compliance risk that often only comes to light during audits. You canโ€™t manage what you donโ€™t measure.

By then, the damage is done: organizations face surprise license fees for unlicensed use. Proactively monitoring SAP indirect access helps avoid those audit surprises and gives you data to choose the most cost-effective licensing approach.

SAP auditors are vigilant about indirect use. Even seemingly harmless integrations can lead to substantial fees if not properly licensed.

Rather than wait for an audit, companies should continuously monitor indirect access themselves โ€“ catching any unlicensed usage before SAP does and fixing it.

In short, measuring indirect usage is essential to avoid compliance problems and ensure youโ€™re only paying for what you need.

SAP USMM (User Measurement) โ€“ Capabilities and Limitations

USMM is SAPโ€™s built-in tool for measuring license usage in a single system. It tracks the number of users for each license type and tallies specific usage metrics for audits. USMM proposes a license type for each user based on their activity, which you can adjust before submitting results.

However, USMM cannot reliably detect indirect access. If a third-party application connects through one technical SAP login, USMM will just count that one user account โ€“ it wonโ€™t reveal that dozens of external users or devices are behind it. Indirect usage stays invisible in USMMโ€™s report. You need other methods to uncover indirect use that USMM misses.

SAP LAW (License Administration Workbench)

SAP LAW consolidates USMM data from multiple systems into one combined report. Using transaction SLAW, you import each systemโ€™s USMM results and LAW merges them, eliminating duplicates. For example, if one person has accounts in three systems, LAW counts them only once (using the highest license type among those accounts). This gives a unified view of your total SAP license consumption.

Like USMM, LAW doesnโ€™t flag indirect usage. A technical interface account will appear in LAWโ€™s output as just another user, with no indication that itโ€™s tied to an external system. LAWโ€™s job is to prevent double-counting of users across systems โ€“ it wonโ€™t tell you how those users are actually used. LAW is essential for audit compliance, but by itself, it wonโ€™t reveal unlicensed indirect access.

SLAW2 and LMBI โ€“ Enhanced License Analytics

SAP has improved its license management tools with SLAW2 and LMBI. SLAW2 (LAW 2.0) is a modernized license workbench that streamlines user consolidation and adds analytics (a friendlier interface, graphs, and reports to spot anomalies).

LMBI is a BI-driven tool for analyzing detailed usage metrics and running โ€œwhat ifโ€ license simulations (e.g., changing license counts or types to see the effect).

These tools help you be proactive in managing licenses. While they donโ€™t directly expose indirect use, they can highlight unusual patterns or growth that might signal an indirect access issue to investigate.

SAP Audit Scripts & Indirect-Use Diagnostics

SAPโ€™s auditors often use specialized audit scripts to detect indirect access. These custom ABAP programs (available via SAP Notes) scan your system for signs of third-party usage that standard tools might miss. For example, a script can list all RFC or web service calls into SAP and show which user IDs are making them, or find documents created by background technical users instead of interactive users.

You can run similar checks yourself before an audit. If a technical user is unexpectedly creating thousands of records or making frequent external calls, thatโ€™s a red flag. By using SAPโ€™s diagnostic scripts (or custom queries), you can catch indirect usage issues in advance and address them. The bottom line: donโ€™t rely solely on basic user counts โ€“ dig into detailed usage data like an auditor would.

System Logs & Integration Activity Analysis

Your SAP systemโ€™s logs are a goldmine for spotting third-party activity. STAD shows detailed logs of each transaction step and remote call. By filtering STAD for external call types (RFC, HTTP) or specific technical usernames, you can see exactly what an interface is doing. For example, you might discover that user โ€œPORTAL_USERโ€ executed a create-order function hundreds of times in one day via RFC โ€“ a clear sign of indirect usage.

ST03N aggregates usage statistics by user and task type. In ST03N, you might see an interface account ranking among the top users by transaction count or workload, even though no human logs in with that ID. That indicates a high volume of activity coming from an external integration.

By regularly checking STAD and ST03N, you can quickly identify which accounts correspond to external interfaces and how heavily theyโ€™re used. This ensures no high-activity integration user flies under the radar.

Monitoring Digital Access (Document Licensing)

To measure indirect usage under SAPโ€™s Digital Access model, use the Digital Access Evaluation Tool (DAET). This ABAP report counts how many business documents are created by external (non-SAP) inputs in your system.

Run the DAET for a given period (e.g., the past year) and it will output totals for each of the nine Digital Access document categories (such as sales orders, invoices, purchase orders, etc.). It may report that 10,000 sales order documents were created in SAP through external systems over the last 12 months.

This information is crucial if you license indirect use via documents, because it shows your actual consumption. We recommend running this evaluation regularly (say, quarterly) to track trends. If the numbers are growing, you can respond proactively โ€“ purchase additional document licenses or investigate the cause โ€“ before an official audit.

For more help, read SAP Indirect vs Digital Access: How to Choose the Right Licensing Model.

Third-Party License Management Tools

Third-party SAP license management tools can provide extra insight into indirect usage, especially in complex environments. They continuously monitor usage and offer alerts and dashboards. A SAM tool can flag if an interface suddenly spikes in activity, and it can simulate licensing scenarios such as comparing the cost of named-user vs. document licensing for an interface. These tools are helpful but optional โ€“ they donโ€™t replace SAPโ€™s official measurements. You still need USMM/LAW/DAET for compliance, but a SAM tool can give you early warnings and deeper analysis of usage patterns.

6 Steps to Detect Indirect Usage Before an SAP Audit

Use this checklist to regularly find and control indirect access in your SAP environment:

  1. Inventory Interfaces: List all external systems interfacing with SAP.
  2. Map Users: Identify which SAP user account each interface uses.
  3. Verify License: Check that each account is assigned an appropriate license type.
  4. Analyze Logs: Review STAD and ST03N logs for high activity or unusual usage by those accounts.
  5. Compare Models: Determine whether covering this usage with named users or with Digital Access (documents) would be more cost-effective.
  6. Remediate & Report: Resolve any issues (assign or purchase licenses, adjust integrations) and inform your compliance team of the actions taken.

Perform these steps periodically (not just during audits) to catch indirect usage issues early and avoid surprises.

For more insights, see SAP Indirect Access Mitigation & Contract Clauses.

Interpreting Findings & Next Steps

Once youโ€™ve measured indirect usage, decide how to license it appropriately.

If a small, known group of users is accessing SAP indirectly, assigning them proper SAP named user licenses may be the simplest solution.

If large numbers of external users or automated processes are driving the usage, SAPโ€™s Digital Access (document licensing) might make more sense. Use your data to weigh the cost of named users versus documents and choose the option that fits best.

Crucially, fix any compliance gaps immediately โ€“ donโ€™t wait for an audit. If you found unlicensed usage, work with SAP to obtain the necessary licenses or adjust your contract now, rather than later.

In the future, integrate indirect usage checks into your routine. Schedule regular internal audits of indirect use (for example, quarterly digital access counts and monthly log reviews) so you stay on top of changes.

And ensure any new SAP integration goes through a licensing review during planning. By making these practices a habit, youโ€™ll keep indirect usage under control and be well prepared for any future audits.

FAQ: Indirect Access Measurement

Q: Does USMM detect indirect access?
A: Not well. USMM focuses on direct SAP user accounts, so if external users access SAP through one technical login, USMM will treat it as just one user and show no sign of the indirect usage behind it.

Q: Can SAP LAW identify third-party interface users?
A: No. LAW simply merges user data across systems and doesnโ€™t indicate which accounts are external. An interface account will appear like any other user in LAWโ€™s report, so itโ€™s on you to recognize and properly license those accounts.

Q: How are documents counted under SAPโ€™s Digital Access model?
A: By running SAPโ€™s Digital Access evaluation report. This tool scans your system and counts how many business documents (orders, invoices, etc.) were created via external systems or users (i.e. indirectly).

Q: Which SAP transactions help find indirect usage?
A: STAD and ST03N are the main ones. STAD logs each external call (RFC, API, etc.) with details on the user and action, while ST03N shows aggregate usage by user. Using these, you can spot heavy activity by technical interface accounts that indicate indirect access.

Q: Does using a middleware or gateway eliminate indirect access license risk?
A: No โ€“ it helps manage it but doesnโ€™t eliminate it. A middleware or gateway centralizes external connections to SAP, making monitoring and security easier. However, all the usage through it still needs to be licensed (via named user licenses for the end users or Digital Access licenses for the documents created). Middleware reduces complexity, but you must still account for the indirect use in your SAP licensing.

Read more about our SAP Digital Access Advisory Service.

SAP Indirect Access Licensing 2025 Risks, Rules & How to Stay Protected

Do you want to know more about our SAP Advisory Services?

Name
Author
  • Fredrik Filipsson

    Fredrik Filipsson is the co-founder of Redress Compliance, a leading independent advisory firm specializing in Oracle, Microsoft, SAP, IBM, and Salesforce licensing. With over 20 years of experience in software licensing and contract negotiations, Fredrik has helped hundreds of organizationsโ€”including numerous Fortune 500 companiesโ€”optimize costs, avoid compliance risks, and secure favorable terms with major software vendors. Fredrik built his expertise over two decades working directly for IBM, SAP, and Oracle, where he gained in-depth knowledge of their licensing programs and sales practices. For the past 11 years, he has worked as a consultant, advising global enterprises on complex licensing challenges and large-scale contract negotiations.

    View all posts